LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 10-06-2005, 12:30 AM   #1
paddyjoy
Member
 
Registered: Apr 2005
Location: Sydney
Distribution: FC5
Posts: 174

Rep: Reputation: 30
Samba on DMZ


Hi,

I have set up samba on one of my machines which is exposed to the internet using the DMZ setting on my router. I can acccess the samba shares from any computer on my internal network but can't access the shares from anywhere external. I have uncommented the line hosts allow = in smb.conf but still no luck. Anyone have any other ideas what could be prevented access?

Paddy
 
Old 10-06-2005, 08:16 AM   #2
RanDrake10
Member
 
Registered: Oct 2004
Location: Florida
Distribution: Debian
Posts: 319

Rep: Reputation: 30
What about FC's firewall settings.
 
Old 10-06-2005, 06:22 PM   #3
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291

Rep: Reputation: 62
For security I would strongly recommend against accessing your samba shares from the internet. Samba is not a designed for the internet and all data you access will be exposed in clear view of others. If you need to access your shares from the internet you should look at setting up some form of encryption like a vpn to make sure your data is secured.
 
Old 10-06-2005, 06:43 PM   #4
SteveK1979
Member
 
Registered: Feb 2004
Location: UK
Distribution: RHEL, Ubuntu, Solaris 11, NetBSD, OpenBSD
Posts: 226

Rep: Reputation: 43
Quote:
For security I would strongly recommend against accessing your samba shares from the internet. Samba is not a designed for the internet and all data you access will be exposed in clear view of others. If you need to access your shares from the internet you should look at setting up some form of encryption like a vpn to make sure your data is secured.
Ditto. Even if you configure samba correctly to require authentication etc. it's got a mass of potential security holes, as have the MS protocols it's designed to support. You really don't want to do this.

Cheers,

Steve
 
Old 10-06-2005, 07:17 PM   #5
paddyjoy
Member
 
Registered: Apr 2005
Location: Sydney
Distribution: FC5
Posts: 174

Original Poster
Rep: Reputation: 30
Thanks for the info, due to the security risks I have decided to put the machine behind a firewall and set up a vpn and access my files that way. Sounds liek it's a lot safer than using samba!

Paddy
 
Old 10-06-2005, 08:17 PM   #6
archtoad6
Senior Member
 
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
Blog Entries: 15

Rep: Reputation: 234Reputation: 234Reputation: 234
Smart move, now I don't have to post a "double ditto".

And thanks for acknowledging the advice taken.
 
Old 10-06-2005, 08:27 PM   #7
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291

Rep: Reputation: 62
Quote:
Originally posted by paddyjoy
Thanks for the info, due to the security risks I have decided to put the machine behind a firewall and set up a vpn and access my files that way. Sounds liek it's a lot safer than using samba!

Paddy
That's a good idea, samba is orginally designed for an internal network, things like http, ftp and mail servers are usually what you put on your dmz since you have to allow certain ports to forward into the network this provides a pinhole for exploitation, and by having a serperate network if some hacker/cracker/scriptkiddy manages to compromise host on that network, it's atleast seperated from you local network.
 
Old 10-06-2005, 08:36 PM   #8
paddyjoy
Member
 
Registered: Apr 2005
Location: Sydney
Distribution: FC5
Posts: 174

Original Poster
Rep: Reputation: 30
Downloaded openvpn and got it up and running in about 15 minutes, too easy! Feel a lot safer now

Thanks,

Paddy
 
Old 10-06-2005, 10:14 PM   #9
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291

Rep: Reputation: 62
Quote:
Originally posted by paddyjoy
Downloaded openvpn and got it up and running in about 15 minutes, too easy! Feel a lot safer now

Thanks,

Paddy
I haven't used openvpn, didn't realise it was that easy to setup, going to look into it myself
 
Old 10-06-2005, 10:35 PM   #10
paddyjoy
Member
 
Registered: Apr 2005
Location: Sydney
Distribution: FC5
Posts: 174

Original Poster
Rep: Reputation: 30
Yeah you should, they have a good how-to on their site. I'm at work now and have my windows xp machine connected into the openvpn server running on fc4 at home, I'm pretty impressed

Paddy
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
DMZ help... phishman3579 Linux - Networking 19 12-10-2005 01:58 AM
what is dmz blackzone Linux - Networking 3 01-06-2005 06:46 AM
Move w2k Member of Samba Domain to DMZ ollitronix Linux - Networking 2 07-19-2004 03:16 AM
DMZ help phishman3579 Linux - Security 1 07-15-2003 05:47 PM
Samba in the DMZ Bomber Linux - Networking 12 12-14-2002 05:36 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 09:09 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration